Individuals routinely use electronic devices to conduct transactions, such as to purchase items, transfer money, or access premium content. Typically, in order to engage in such transactions, an individual must first register for an account and supply or be issued a credential, such as a password. The user credential serves as an access or other control to help ensure that only an authorized user is permitted to engage in the transaction. Unfortunately, passwords can be guessed or otherwise compromised by nefarious individuals seeking to impersonate a legitimate user. In some cases, rudimentary device identifiers are used, either in conjunction with or instead of user credentials, to improve assurances that a legitimate user (via an appropriate device) is attempting to engage in a transaction. A correct user credential supplied via a device that is likely to be under the control of the legitimate user offers additional assurance that the transaction is being attempted by the legitimate user. One example of a device identifier is a cookie. Unfortunately, cookies can be stolen by techniques such as cross-site scripting attacks and farming attacks and then used to impersonate the device of a legitimate user. Another example of a device identifier indicative of a legitimate user's access is an IP address (e.g., in the same range as the victim's home or work computer). Unfortunately, IP addresses can be spoofed or appropriated through bots. Improvements in device identification techniques would therefore be desirable.